Closed hvelarde closed 6 years ago
We already catch TypeError
and etree.ParseError
here. It seems fine to add AttributeError
there.
Can you maybe temporarily edit auto.py
and catch AttributeError
? Then the code will log a warning which includes the URL where this fails. That would be interesting.
thank you, very much, @mauritsvanrees; I did what you said:
2017-08-02T17:26:07 WARNING plone.protect error parsing dom, failure to add csrf token to response for url https://www.cartacapital.com.br/camara-decide-se-temer-pode-ser-julgado-pelo-stf-acompanhe/recent-updates
I'll make a PR adding AttributeError
to the exception.
@rodfersou just to confirm the issue is in this view:
@mauritsvanrees I tried to disable plone.protect
at this view, but this don't make stop the exception https://github.com/collective/collective.liveblog/pull/39/files
My bet is that the parser is breaking when I do a return ''
or because this view just return the <article>
tag, what makes an invalid html https://github.com/collective/collective.liveblog/blob/master/src/collective/liveblog/browser/templates/recent_updates.pt
But first of all, I disabled it, and should never get into the parser.
Could you please help me understand what is going on here?
You cannot completely disable plone.protect
, you can only disable the csrf protection check: plone.protect
then does not complain or redirect to the confirm-action
page. But it still looks through your html for any forms or link tags where it injects an _authenticator
value. That is where it goes wrong here.
While searching for the original error, I found a bug report in collective.liches which suggests this may happen when your content has only whitespace characters. Indeed I can confirm this:
>>> from repoze.xmliter.utils import getHTMLSerializer
>>> getHTMLSerializer(' ')
Traceback (most recent call last):
File "<console>", line 1, in <module>
File ".../repoze.xmliter/repoze/xmliter/utils.py", line 32, in getHTMLSerializer
doctype=doctype,
File ".../repoze.xmliter/repoze/xmliter/utils.py", line 19, in getXMLSerializer
return XMLSerializer(root.getroottree(), serializer, pretty_print, doctype=doctype)
AttributeError: 'NoneType' object has no attribute 'getroottree'
Can that be the case for you? A workaround would then be to check this in collective.liveblog and make sure to only return an empty string in that case. Well, then it may raise an XMLSyntaxError
... Can you check if that helps at all?
I guess it would be fine to add a check for this in plone.protect
: if the original is a string or unicode and is either empty or only contains white space, simply return the original.
@mauritsvanrees thank you for your feedback. The problem is exactaly what you said, in this case the html is: '\n\n \n \n\n\n'.
Fixed it in this PR.
@hvelarde can you please help me to fix the tests on Plone 5?
With PR #65 merged last year, and with PR #69 merged just now, I think this bug is gone.
Plone 4.3.11 with plone4.csrffixes 1.1 and plone.protect 3.0.19; there are a lot of messages in like this one in the event log:
we have no idea what is causing this and I see no relation with any specific piece of content.
the following hotfixes are also installed: